---
# tasklist for setting up bodhi/composer (requires bodhi/base)
# This is the base set of files needed for bodhi/composer

# The ftpsync group and user are needed to sync the files to the master mirror
- name: add ftpsync group
  group: name=ftpsync gid=263 system=yes state=present
  tags:
  - bodhi
- name: add ftpsync user
  user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
  tags:
  - bodhi

- name: install needed packages
  package:
    name:
      - bodhi-composer
      - python3-pyramid_sawing
      - sigul
      - fedora-messaging
      # This next one is not strictly needed since bodhi-composer depends on bodhi-server which
      # depends on python3-celery, but since we're depoying a service file calling celery in this
      # role I think it makes sense to require it here instead of assuming a dependency chain.
      - python3-celery
      # This is used to generate zchunk data more efficiently
      - fedora-repo-zdicts
      # The new-updates-sync script uses this
      - ostree
      - pungi-utils
      # Needed for runroot
      - python3-koji-cli-plugins
      # needed to make comps
      - make
      # needed for updates sync
      - rsync
      # For staging the release candidate composes
      - compose-utils
    state: present
  tags:
  - packages
  - bodhi

- name: update bodhi composer
  when: env == 'staging'
  package:
    name:
      - bodhi-composer
    state: latest
  tags:
  - packages
  - bodhi


- name: add apache user to the masher group so it can talk to the monitoring socket
  user: name=apache groups=ftpsync append=yes
  tags:
  - bodhi

- name: Put pungi configurations in place
  template: src="{{item}}" dest=/etc/bodhi/{{item}}
  with_items:
  - pungi.module.conf.j2
  - pungi.rpm.conf.j2
  - variants.module.xml.j2
  - variants.rpm.xml.j2
  tags:
  - bodhi
  - bodhi/pungi
  - config

#
# koji ssl cert for owner sync jobs below
#
#
# cron job that syncs packages to koji
#
- name: put owner-sync-pagure in place
  template: src=owner-sync-pagure.j2 dest=/usr/local/bin/owner-sync-pagure mode=0755
  tags:
  - config
  - bodhi
  - cron

- name: sync packages from pagure-on-dist-git to koji (all branches)
  # XXX If you modify this taglist.  Please also modify the other copy in
  # bodhi2/backend/files/koji_sync_listener.py
  # This cronjob runs only once a day.  The listener script runs reactively.
  cron: name="owner-sync" minute="15" hour="4" user="root"
      job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f38 f38-container f38-modular f37 f37-container f37-modular f36 f36-container f36-modular f35 f35-container f35-modular epel9 epel9-next epel8 epel8-next epel8-modular epel7 module-package-list modular'"
      cron_file=update-koji-owner
      user=apache
  when: env == "production"
  tags:
  - bodhi
  - cron

- name: Determine Python version
  command:
    argv:
      - python3
      - -c
      - "from sys import version_info as vi; print(f'{vi[0]}.{vi[1]}')"
  register: _python3_version_result
  changed_when: False

- name: Set Python version fact
  set_fact:
    py3ver: "{{ _python3_version_result.stdout | trim }}"

- name: put the koji sync listener script in place
  copy:
    src: koji_sync_listener.py
    dest: /usr/lib/python{{ py3ver }}/site-packages/koji_sync_listener.py
    mode: 0644
  when: env == "production"
  tags:
  - bodhi
  - koji-sync

- name: put the koji sync listener config file in place
  template:
    src: koji_sync_listener.toml
    dest: /etc/fedora-messaging/koji_sync_listener.toml
  when: env == "production"
  notify:
  - reload systemd
  - restart fm-consumer@koji_sync_listener
  tags:
  - bodhi
  - koji-sync

- name: start the fm-consumer@koji_sync_listener service
  service: name=fm-consumer@koji_sync_listener enabled=yes state=started
  when: env == "production"
  tags:
    - bodhi
    - koji-sync
#
# cron job that syncs updates to master mirror
#

- name: put new-updates-sync in place
  copy: src=new-updates-sync dest=/usr/local/bin/new-updates-sync mode=0755
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: put bodhi-automated-pushes.py in place
  copy: src=bodhi-automated-pushes.py dest=/usr/local/bin/bodhi-automated-pushes.py mode=0755
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

# These next two are used by quick-fedora-mirror
- name: put update-fullfiletimelist in place
  copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron
- name: add create-filelist script from quick-fedora-mirror
  copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: Set the updates sync cron job
  copy: src=new-updates-sync.cron dest=/etc/cron.d/updates-sync
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: Set the bodhi-automated-pushes cron job
  template: src=bodhi-automated-pushes.cron.j2 dest=/etc/cron.d/bodhi-automated-pushes
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

# This generates https://dl.fedoraproject.org/pub/DIRECTORY_SIZES.txt
- name: directory sizes update cron job.
  cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
        job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d  ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/"
        cron_file=directory-sizes-update
  when: env == "production"
  tags:
  - config
  - bodhi
  - cron

# Bodhi cron jobs, disabled on staging because we replaced them with celery-beat

- name: bodhi-approve-testing cron job.
  cron:
    name: bodhi-approve-testing
    minute: "*/3"
    user: apache
    job: "/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini > /dev/null"
    cron_file: bodhi-approve-testing-job
    state: absent
  tags:
  - config
  - bodhi
  - cron

- name: bodhi-check-policies cron job.
  cron:
    name: bodhi-check-policies
    hour: "*/1"
    minute: "0"
    user: apache
    job: "/usr/bin/bodhi-check-policies >& /dev/null"
    cron_file: bodhi-check-policies-job
    state: absent
  tags:
  - config
  - bodhi
  - cron

- name: bodhi-clean-old-composes cron job.
  cron:
    name: bodhi-clean-old-composes
    hour: "03"
    minute: "03"
    user: root
    job: "/usr/bin/bodhi-clean-old-composes 2>&1 | logger -t bodhi-clean-old-composes"
    cron_file: bodhi-clean-old-composes
    state: absent
  tags:
  - config
  - bodhi
  - cron

- name: bodhi-expire-overrides cron job.
  cron:
    name: bodhi-expire-overrides
    hour: "*"
    minute: "0"
    user: apache
    job: "/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini 2>&1 | logger -t bodhi-expire-overrides"
    cron_file: bodhi-expire-overrides-job
    state: absent
  tags:
  - config
  - bodhi
  - cron

- name: Install logging.yaml
  template: >
    src="{{  roles_path  }}/bodhi2/base/templates/logging.yaml"
    dest="/etc/bodhi/logging.yaml"
    owner=apache
    group=apache
    mode=0600
  tags:
  - config
  - bodhi

- name: Install production.ini
  template:
    src: "{{ roles_path }}/bodhi2/base/templates/production.ini.j2"
    dest: /etc/bodhi/production.ini
    owner: apache
    group: apache
    mode: 0600
  tags:
  - config
  - bodhi

- name: Install celeryconfig.py
  template:
    src: "{{ roles_path }}/bodhi2/base/templates/celeryconfig.py.j2"
    dest: /etc/bodhi/celeryconfig.py
    owner: apache
    group: apache
    mode: 0600
  tags:
  - config
  - bodhi

- name: Install fedora-messaging config
  template:
    src: "{{ roles_path }}/bodhi2/base/templates/fedora-messaging.toml.j2"
    dest: /etc/fedora-messaging/config.toml
    owner: apache
    group: apache
    mode: 0600
  tags:
  - config
  - bodhi

- name: Create /etc/pki/fedora-messaging
  file:
    dest: /etc/pki/fedora-messaging
    mode: 0775
    owner: root
    group: root
    state: directory
  tags:
  - bodhi

- name: Deploy the fedora-messaging CA
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/ca.crt"
    dest: /etc/pki/fedora-messaging/cacert.pem
    mode: 0644
    owner: apache
    group: apache
  tags:
  - bodhi

- name: Deploy the fedora-messaging cert
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/issued/bodhi{{env_suffix}}.crt"
    dest: /etc/pki/fedora-messaging/bodhi-cert.pem
    mode: 0644
    owner: apache
    group: apache
  tags:
  - bodhi

- name: Deploy the fedora-messaging key
  copy:
    src: "{{ private }}/files/rabbitmq/{{env}}/pki/private/bodhi{{env_suffix}}.key"
    dest: /etc/pki/fedora-messaging/bodhi-key.pem
    mode: 0600
    owner: apache
    group: apache
  tags:
  - bodhi

- name: Let the ftpsync user also read the fedora-messaging config
  command: /usr/bin/setfacl -m user:ftpsync:rx /etc/fedora-messaging/config.toml
  tags:
  - config
  - bodhi

- name: Let the ftpsync user also read the fedora-messaging key
  command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
  tags:
  - config
  - bodhi

- name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji force=yes
  tags:
  - bodhi

- name: Create /etc/systemd/system/fm-consumer@.service.d
  file:
    state: directory
    path: /etc/systemd/system/fm-consumer@.service.d
    owner: root
    group: root
    mode: 0755
  tags:
  - bodhi
  - config

- name: Configure fm-consumer@.service to run as apache
  copy:
    src: fm-consumer@.service
    dest: /etc/systemd/system/fm-consumer@.service.d/local.conf
    owner: root
    group: root
    mode: 0644
  notify:
  - reload systemd
  tags:
  - bodhi
  - config

- name: Setup the Celery service
  copy:
    src: bodhi-celery.service
    dest: /etc/systemd/system/bodhi-celery.service
    owner: root
    group: root
    mode: 0644
  notify:
  - reload systemd
  tags:
  - bodhi
  - config

- name: ensure apache is disabled on the backend
  service: name=httpd enabled=no state=stopped
  tags:
  - bodhi

- name: ensure fedora-messaging and celery are enabled and started on the backend
  service:
    name: "{{ item }}"
    enabled: yes
    state: started
  with_items:
  - fm-consumer@config
  - bodhi-celery
  tags:
  - bodhi

- name: Set up koji profile
  template: src=kojiprofile.conf dest=/etc/koji.conf.d/bodhi.conf
  tags:
  - bodhi
